[Secure-testing-team] Bug#872854: dnsdist: CVE-2016-7069 CVE-2017-7557

Salvatore Bonaccorso carnil at debian.org
Mon Aug 21 20:15:45 UTC 2017


Source: dnsdist
Version: 1.1.0-2
Severity: important
Tags: security patch upstream

Hi,

the following vulnerabilities were published for dnsdist, not filling
two bugs individually since 1.1.0 is commont for all affected suites.

CVE-2016-7069[0]:
Crafted backend responses can cause a denial of service

CVE-2017-7557[1]:
Alteration of ACLs via API authentication bypass

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7069
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7069
[1] https://security-tracker.debian.org/tracker/CVE-2017-7557
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7557

Regards,
Salvatore



More information about the Secure-testing-team mailing list